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DETAILED ACTION 

1 . This is in response to the amendment filed on 26 July 2005. 

2. Claims 1-28 are pending in the application. 

3. Claims 1-28 have been rejected. 

Response to Arguments 

4. Applicant's arguments with respect to claims 1-21 have been considered but are moot in view 
of the new ground(s) of rejection. 

Claim Rejections - 35 USC § 102 
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

5. Claims 1-7 and 22 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Hankinson et al U.S. Patent No. 6,799,202 Bl. 

As to claim 1, Hankinson et al discloses a load balancing acceleration device, 
comprising: 

a processor, memory and communications interface [column 5, lines 26- 

48]; 

a TCP communications manager capable of interacting with a plurality of 
client devices and server devices simultaneously via the communications interface 
[column 20, lines 1 1-29]; 
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a secure communications manager to negotiate a secure communication 
session with one of the client devices [column 8 line 49 to column 9 line 14]; 

an encryption and decryption engine instructing the processor to decrypt 
data received via the secure communications session and direct the decrypted data 
it to one of said server devices via a second communication session [column 8 
line 49 to column 9 line 14]; and 

a load balancing engine associating each of said client devices with a 
respective one of said servers devices based on calculated processing loads of 
each said server devices [column 17 line 41 to column 18 line 24]. 
As to claim 2, Hankinson et al discloses that the TCP communications manager provides 
an IP address of an enterprise to said secure communications manager, and each of said plurality 
of server devices is associated with the enterprise [column 7, lines 14-40]. 

As to claim 3, Hankinson et al discloses that the secure communications manager 
negotiates a secure communication session with each of said plurality of client devices over an 
open network [column 8 line 49 to column 9 line 14]. 

As to claim 4, Hankinson et al discloses that the TCP communications manager 
negotiates a separate, open communications session with one of the plurality of server devices 
associated with the enterprise for each secure communications session negotiated with the client 
devices based on the associations of said client devices to said server devices said load balancing 
engines [column 17 line 41 to column 18 line 24]. 

As to claim 5, Hankinson et al discloses that the encryption and decryption engine 
decrypts the data on a packet level by decrypting packet data received on the communications 
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interface via the secure communications session to extract a secure record [column 13, lines 17- 
30]. Hankinson et al discloses decrypting application data from the secure record in the packet 
data [column 13, lines 17-30]. Hankinson et al discloses outputting the decrypted application 
data from the secure record to the one of said server devices via the second communication 
session without processing the application data with an application layer of a TCP/IP stack 
[column 13, lines 17-30]. 

As to claim 6, Hankinson et al discloses that the load-balancing engine selects the second 
communication session [column 17 line 41 to column 18 line 24]. 

As to claim 7, Hankinson et al discloses that the TCP communications manager responds 
to TCP communications negotiations directly for an enterprise [column 12 line 65 to column 13 
line 30]. 

As to claim 22, Hankinson et al discloses that the device comprises a network router 
[column 12 line 65 to column 13 line 30]. 

6. Claims 12-15, 17-21, 23 and 24 are rejected under 35 U.S.C. 102(e) as being anticipated 
by Abjanic U.S. Patent No. 6,732,175 Bl. 

As to claim 12, Abjanic discloses a method for performing acceleration of data 
communications between a plurality of customer devices attempting to communicate with an 
enterprise having a plurality of servers, comprising: 

providing an intermediate acceleration device enabled for secure 
communication with the customer devices, wherein the acceleration device has an 
IP address associated with the enterprise [column 10, lines 1-32]; 
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receiving with the acceleration device communications directed to the 
enterprise in a secure protocol from one of the customer devices [column 10, lines 
1-32]; 

decrypting data packets of the secure protocol with the acceleration device 
to provide decrypted packet data [column 10, lines 1-32]; 

selecting with the acceleration device at least one of the plurality of 
servers in the enterprise based on a load calculation including processing sessions 
of other servers in the enterprise and associating the selected server with a 
communications session from the one of the clients [column 10, lines 1-32]; and 

forwarding the decrypted packet data from the acceleration device to the 
selected server of the enterprise [column 10, lines 1-32]. 
As to claim 13, Abjanic discloses the steps of receiving application data from the selected 
server of the enterprise, encrypting the application data received from the selected server, and 
forwarding encrypted application data to the customer device [column 10, lines 1-32]. 

As to claim 14, Abjanic discloses that the step of receiving communications directed to 
the enterprise includes receiving with the device communications having a destination IP address 
of the enterprise [column 10, lines 1-32]. 

As to claim 15, Abjanic discloses the step of negotiating the secure protocol session with 
the customer device by responding as the enterprise to the customer devices [column 10, lines 
33-67]. 
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As to claim 17, Abjanic discloses that the step of forwarding comprises: 

establishing an open communication session from the acceleration device 
to the selected server [column 5, lines 14-40], and 

mapping the decrypted packet data to the open communication session 
established with the selected server [column 5, lines 14-40]. 
As to claim 18, Abjanic discloses that the open communication session is established via 
a secure network [column 5, lines 14-40]. 

As to claim 19, Abjanic discloses that the step of receiving comprises: 

receiving encrypted data having a length greater than a TCP segment 
carrying said data [column 10, lines 1-32]; and 

wherein said step of decrypting comprises: 

buffering the encrypted data in a memory buffer in the acceleration 
device, the buffer having a length equivalent to the block cipher size 
necessary to perform the cipher [column 10, lines 1-32]; and 

decrypting the buffered segment of the received encrypted data to 
provide decrypted application data [column 10, lines 1-32]. 
As to claim 20, Abjanic discloses the step of authenticating the data on receipt of a final 
TCP segment on a packet level without processing the application data with an application layer 
of a TCP/IP stack [column 6, lines 1-27]. 

As to claim 21, Abjanic discloses the step of generating an alert if said step of 
authenticating results in a failure [column 6 line 63 to column 7 line 12]. 
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As to claim 23, Abjanic discloses decrypting data packets comprises decrypting the data 
packets at a packet level of a TCP/IP stack [column 6, lines 1-27]. 

As to claim 24, Abjanic discloses that decrypting data packets comprises: 

decrypting the data packets to extract a secure record [column 10, lines 1- 

32], 

decrypting application data from the secure record [column 10, lines 1- 
32], and 

authenticating the application data without processing the application data 
with an application layer of a TCP/IP stack [column 10, lines 1-32]. 
7. Claims 25-28 are rejected under 35 U.S.C. 102(e) as being anticipated by Baskey et al 
U.S. Patent No. 6,732,269 Bl. 

As to claim 25, Baskey et al discloses a system comprising: 

a client device [column 5, lines 17-57]; 

a plurality of server devices [column 5, lines 17-57]; and 

an intermediate device coupled between the client devices and the server 
devices [column 5, lines 17-57], 

wherein the intermediate device intercepts a request from the client device 
for a secure communication session [column 5 line 58 to column 6 line 16], and 

wherein, in response to the request, the intermediate device establishes a 
secure communication session with the client device, selects one of the server 
devices based on resource loading experienced by the server devices, and 
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establishes a non-secure communication session with the selected server device 
[column 5 line 58 to column 6 line 16]. 

As to claim 26, Baskey et al discloses that the intermediate device receives encrypted 
data from the client device via the secure communication session, decrypts the data and forwards 
the decrypted data to the selected server device via the non-secure communication session 
[column 8 line 51 to column 9 line 19]. 

As to claim 27, Baskey et al discloses that the intermediate device receives unencrypted 
data from the selected server device via the non-secure communication session, encrypts the data 
and forwards the encrypted data to the client device via the secure communication session 
[column 8 line 51 to column 9 line 19]. 

As to claim 28, Baskey et al discloses that the intermediate device comprises a network 
router [column 5, lines 17-57]. 

Claim Rejections - 35 USC § 103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

8. Claims 8-11 is rejected under 35 U.S.C 103(a) as being unpatentable over Hankinson et 

al U.S. Patent No. 6,799,202 Bl as applied to claim 1 above, and further in view of Gelman 

et al U.S. Patent No. 6,415,329 Bl. 

As to claims 8 and 11, Hankinson et al does not teach that the secure communications 
manager changes a destination IP address for each packet to a server IP address for each session. 
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Gelman et al teaches a secure communications manager that changes a destination IP 
address for each packet to a server IP address for each session [column 10, lines 9-21]. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Hankinson et al so that the proxy server would 
have changed the destination IP address for each packet to one of the server IP addresses for 
each session. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Hankinson et al by the teaching of Gelman et al because 
the detrimental effects of latency and errors on TCP are avoided and link utilization is greatly 
increased. TCP/IP headers are replaced with a much shorter WLP header, leaving more 
bandwidth for data. In addition, TCP/IP data may be compressed so that fewer bytes need to be 
sent over the wireless segment, thus improving data transfer times. Encryption may also be used 
to protect data from eavesdropping. Finally, the system may be implemented without making any 
changes to the TCP/IP code on the gateway. No changes of any kind are required to the end users 
[column 5, lines 54-67]. 

As to claim 9, Hankinson teaches that the TCP communications manager maintains TCP 
communication sessions with the server devices, and wherein the secure communications 
manager engine negotiates a secure communication session for each TCP communications 
session [column 8 line 49 to column 9 line 14]. 

As to claim 10, Hankinson teaches that the secure communications manager responds to 
all secure communications with each client device [column 8 line 49 to column 9 line 14]. 
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9. Claim 16 is rejected under 35 U.S.C. 103(a) as being unpatentable over Abjanic U.S. 
Patent No. 6,732,175 Bl as applied to claim 12 above, and further in view of Gelman et al 
U.S. Patent No. 6,415,329 Bl. 

As to claim 16, Lincke et al does not teach that the step of forwarding comprises 
modifying the destination IP address of data packets from the enterprise IP to an IP for the 
selected server. 

Gelman et al teaches a secure communications manager that changes a destination IP 
address for each packet to a selected server IP address for each session [column 10, lines 9-21]. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Lincke et al so that the proxy server would have 
changed the destination IP address for each packet to one of the server IP addresses for each 
session. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Lincke et al by the teaching of Gelman et al because the 
detrimental effects of latency and errors on TCP are avoided and link utilization is greatly 
increased. TCP/IP headers are replaced with a much shorter WLP header, leaving more 
bandwidth for data. In addition, TCP/IP data may be compressed so that fewer bytes need to be 
sent over the wireless segment, thus improving data transfer times. Encryption may also be used 
to protect data from eavesdropping. Finally, the system may be implemented without making any 
changes to the TCP/IP code on the gateway. No changes of any kind are required to the end users 
[column 5, lines 54-67]. 
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Conclusion 



10. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Aravind K. Moorthy whose telephone number is 571-272-3793. 
The examiner can normally be reached on Monday-Friday, 8:00-5:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R. Sheikh can be reached on 571-272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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